Information Disclosure Vulnerability in Internet Explorer
Microsoft just published KB Article 980088 [1] in response to the recently announced vulnerability in Internet Explorer. Microsoft confirms that it is possible for a malicious website to read files from the client's computer. All versions of Windows and Internet Explorer appear to be affected.
There is currently no patch for this problem. Microsoft advises users to set the Internet and Local Intranet security zone settings to "High". This will cause a prompt before running ActiveX controls and active scripting.
The attacker needs to know the file name. However, a typical target for this vulnerability would be a configuration file, which is usually stored at a predictable location.
[1] http://www.microsoft.com/technet/security/advisory/980088.mspx
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Comments
You might want to change that to "affected"...
eb
Feb 3rd 2010
cyber armageddon
Feb 3rd 2010
Richard
Feb 4th 2010
Mark
Feb 4th 2010
bodik
Feb 4th 2010
dilbert
Feb 4th 2010
http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag
It will actually give you some idea of what you are dealing with.
gman
Feb 5th 2010
Shawn
Feb 5th 2010